Add compile-time object_size checks as with FORTIFY _chk #40
rurban added a commit that referenced this issue on Feb 6, 2018:
sizeof(dest)!=dmax checks as user-defined warnings (clang), when __builtin_object_size returns the known object size. See GH #40.
e.g.:
test_strcoll_s.c:81:39: warning: wrong dmax [-Wuser-defined-warnings]
rc = strcoll_s(str1, 0, str2, &ind);
rurban added a commit that referenced this issue on Feb 7, 2018:
and foresee an --enable-error-dmax/HAVE_ERROR_DMAX option. See GH #40
rurban added a commit that referenced this issue on Feb 25, 2018:
Closes #40. Todo: Now the msvcrt checks can be switched back to compile-time, and #ifdef's.
With newer compilers and -D_FORTIFY_SOURCE>=2, check the dmax sizes at compile-time against the __builtin_object_size (=BOS) compiler builtins, similar to the glibc and Bionic FORTIFY _chk functions, with gcc and newer clang. Just at compile-time already, not at run-time.

Add compile-time errors and warnings, and run-time warnings on --enable-warn-dmax if the 2 sizes deviate.
With clang-7 even add compile-time warnings and errors; without clang-7/diagnose_if defer to run-time.
The compile-time warning is a -Wuser-defined-warnings, and may be suppressed or increased to -Werror.
A fatalized ESLEWRNG does not clear dest.

This might catch more wrong dmax, smax args, when the object-size is known at compile-time.
If it does no harm writing them out explicitly at the user call-site, it's even better. Yes, glibc disagrees, for the additional arg pass-thru performance hit. It's one single register/stack write.
An object may suddenly be dynamically malloced, and then glibc turns insecure, we do not.

e.g.
=> "strcpy_s: wrong dmax 79, dest has size 80" warnings to the invoke_safe_str_constraint_handler, only visible if a handler is installed.

See https://android-developers.googleblog.com/2017/04/fortify-in-android.html
esp. the new diagnose_if
https://clang.llvm.org/docs/AttributeReference.html#diagnose-if
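The following is an added, self-contained illustration of the scheme the issue describes, written for this page; it is neither safeclib's code nor the issue author's. The ex_* names, the RC_* error codes, the handler API, the EX_ERROR_DMAX macro (standing in for the --enable-error-dmax/HAVE_ERROR_DMAX option) and the policy that a too-small dmax only warns while a too-large dmax is refused are all assumptions of this example. It needs gcc or clang for __builtin_object_size; the compile-time -Wuser-defined-warnings diagnostic only appears under clang, which has diagnose_if, and every other compiler falls back to the run-time check exactly as the issue proposes.

```c
/* Added example of the FORTIFY-style dmax check discussed in the issue.
 * Everything here (ex_* names, RC_* codes, the handler API, EX_ERROR_DMAX)
 * is this example's own assumption, not safeclib's API.  Needs gcc or
 * clang for __builtin_object_size; the compile-time warning is clang-only. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RC_OK       0
#define RC_ESNULLP  400   /* NULL pointer argument             */
#define RC_ESZEROL  401   /* dmax == 0                         */
#define RC_ESNOSPC  406   /* src does not fit into dmax        */
#define RC_ESLEWRNG 410   /* dmax != known object size of dest */

typedef void (*ex_handler_t)(const char *msg, void *ptr, int error);
static ex_handler_t g_handler;        /* NULL: no handler installed */
static char g_last_msg[96];
static int  g_last_error;

/* Stand-in for invoke_safe_str_constraint_handler: the diagnostic is only
 * seen by the user if a handler is installed; it is also recorded for tests. */
static void ex_invoke_handler(const char *msg, void *ptr, int error) {
    snprintf(g_last_msg, sizeof g_last_msg, "%s", msg);
    g_last_error = error;
    if (g_handler) g_handler(msg, ptr, error);
}
void        ex_set_handler(ex_handler_t h) { g_handler = h; }
const char *ex_last_msg(void)              { return g_last_msg; }
int         ex_last_error(void)            { return g_last_error; }

/* Plain run-time strcpy_s: NULL, zero-length and no-space checks only. */
int ex_strcpy_s_rt(char *dest, size_t dmax, const char *src) {
    size_t i;
    if (!dest)     { ex_invoke_handler("strcpy_s: dest is null", NULL, RC_ESNULLP); return RC_ESNULLP; }
    if (dmax == 0) { ex_invoke_handler("strcpy_s: dmax is 0", dest, RC_ESZEROL);    return RC_ESZEROL; }
    if (!src)      { dest[0] = '\0';
                     ex_invoke_handler("strcpy_s: src is null", dest, RC_ESNULLP);  return RC_ESNULLP; }
    for (i = 0; i < dmax; i++) {
        dest[i] = src[i];
        if (src[i] == '\0') return RC_OK;
    }
    dest[0] = '\0';                       /* no room: clear dest, as strcpy_s does */
    ex_invoke_handler("strcpy_s: not enough space", dest, RC_ESNOSPC);
    return RC_ESNOSPC;
}

/* clang (diagnose_if): -Wuser-defined-warnings at the call site whenever the
 * object size of dest is known and differs from dmax.  Elsewhere the macro
 * is empty and only the run-time check below remains. */
#if defined(__has_attribute)
# if __has_attribute(diagnose_if)
#  define EX_DMAX_CHK                                                        \
    __attribute__((diagnose_if(__builtin_object_size(dest, 1) != (size_t)-1   \
                               && __builtin_object_size(dest, 1) != (dmax),    \
                               "wrong dmax", "warning")))
# endif
#endif
#ifndef EX_DMAX_CHK
# define EX_DMAX_CHK
#endif

int ex_strcpy_s_chk(char *dest, size_t dmax, const char *src, size_t destbos) EX_DMAX_CHK;

/* Object-size-aware variant, like glibc's __strcpy_chk.  destbos is
 * __builtin_object_size(dest, 1) evaluated at the call site by the macro;
 * for a malloc'ed dest it is (size_t)-1 (unknown) and nothing is checked. */
int ex_strcpy_s_chk(char *dest, size_t dmax, const char *src, size_t destbos) {
    if (destbos != (size_t)-1 && destbos != dmax) {
        char msg[80];
        snprintf(msg, sizeof msg, "strcpy_s: wrong dmax %zu, dest has size %zu", dmax, destbos);
        ex_invoke_handler(msg, dest, RC_ESLEWRNG);
#ifdef EX_ERROR_DMAX              /* analogue of --enable-error-dmax: always fatal */
        return RC_ESLEWRNG;       /* a fatal ESLEWRNG does not clear dest */
#else
        if (dmax > destbos)       /* could write past dest: refuse, leave dest alone */
            return RC_ESLEWRNG;   /* a too-small dmax is harmless: warn and go on */
#endif
    }
    return ex_strcpy_s_rt(dest, dmax, src);
}

/* What user code calls: passes BOS(dest) through, one extra register write. */
#define ex_strcpy_s(dest, dmax, src) \
    ex_strcpy_s_chk((dest), (dmax), (src), __builtin_object_size((dest), 1))

/* Whether this compiler resolves BOS for a local array (gcc and clang do). */
int ex_bos_known(void) { char buf[16]; return __builtin_object_size(buf, 1) == 16; }

/* Demo on a buffer whose size the compiler can see; under clang the two
 * wrong calls additionally warn "wrong dmax" at compile time. */
int ex_demo(void) {
    char dest[80];
    int rc_ok    = ex_strcpy_s(dest, sizeof dest, "hello"); /* correct dmax            */
    int rc_small = ex_strcpy_s(dest, 79, "hello");          /* warns, copies anyway    */
    int rc_big   = ex_strcpy_s(dest, 100, "hello");         /* refused, dest untouched */
    printf("ok=%d small=%d (%s) big=%d dest=\"%s\"\n",
           rc_ok, rc_small, ex_last_msg(), rc_big, dest);
    return rc_ok == RC_OK && rc_small == RC_OK && rc_big == RC_ESLEWRNG;
}
```

The point of passing destbos from the macro rather than computing it inside ex_strcpy_s_chk is the one the issue makes against glibc: the size is fixed at the user's call site, where the compiler still sees the declaration, so a later change that turns dest into a heap pointer degrades to "unknown, no check" instead of a wrong check. Build with clang and -Werror=user-defined-warnings to turn the demo's two wrong calls into build failures, or with -DEX_ERROR_DMAX to make every deviation a fatal run-time error that leaves dest untouched.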